LinuxQuestions.org

3.8.y kernel declared dead. (https://www.linuxquestions.org/questions/slackware-14/3-8-y-kernel-declared-dead-4175461663/)

jtsn 05-20-2013 03:10 PM

Quote:

Originally Posted by gracien (Post 4955127)
Stable kernel is vulnerable to root exploit CVE-2013-2094 (3.2.29, CONFIG_PERF_EVENTS=y).
What should we do? Upgrade to current? Wait for Slack patch?

Do you have hostile users with shell access on your system? Are they allowed to execute their own binaries?

Celyr 05-20-2013 05:17 PM

Well, this is still a big issue.
I suggest you open a thread about that.
(I remember a post of Pat saying it was disabled but I can't find it)

volkerdi 05-20-2013 05:40 PM

Quote:

Originally Posted by Celyr (Post 4955219)
Well, this is still a big issue.
I suggest you open a thread about that.
(I remember a post of Pat saying it was disabled but I can't find it)

PERF_EVENTS isn't disabled, and I don't think I said that it was. Also, the KPROBES framework used for the hotfix is *not* enabled (honestly, this seemed a little too convenient for use by a rootkit), so the hotfix doesn't work on 13.37 or 14.0.

In any case, new kernels are up now for 13.37 and 14.0, and an advisory just went out. I was never able to get a root shell out of the exploit, but I was able to crash the machine and that was bad enough. Go get 'em if you need to.

jtsn 05-20-2013 06:09 PM

Quote:

Originally Posted by volkerdi (Post 4955239)
In any case, new kernels are up now for 13.37 and 14.0, and an advisory just went out.

Is it intended that there are new kernel-headers packages? I've heard that one should always have the public kernel headers installed which were used to build glibc or otherwise stuff breaks.

volkerdi 05-20-2013 08:42 PM

Quote:

Originally Posted by jtsn (Post 4955258)
Is it intended that there are new kernel-headers packages? I've heard that one should always have the public kernel headers installed which were used to build glibc or otherwise stuff breaks.

The contents of the kernel-headers package for 13.37 should be identical since the kernel version did not change. In the case of the 3.2.45 kernel-headers package for 14.0, it very likely doesn't matter if that package is upgraded or not. I've never seen anything break from header changes within a stable kernel series. Actually, I don't think I've ever seen anything break due to a kernel-headers/glibc mismatch at all.

chytraeus 05-21-2013 12:01 AM

Quote:

Originally Posted by willysr (Post 4954618)
yes, it should work as well

okay, great, thanks :)

Poprocks 05-21-2013 12:13 AM

I couldn't get the exploit to work on either of my 14.0 machines (both running 32-bit Slackware, 3.2.29). Machines didn't crash either.

Is there anyone out there that *was* able to get a root prompt?

volkerdi 05-21-2013 12:18 AM

Quote:

Originally Posted by Poprocks (Post 4955429)
I couldn't get the exploit to work on either of my 14.0 machines (both running 32-bit Slackware, 3.2.29). Machines didn't crash either.

If you want to see the crash, compile the exploit with -O2.

Quote:

Is there anyone out there that *was* able to get a root prompt?

I'm curious about that myself. I do suspect that it is possible with the kernels 13.37 and 14.0 shipped with, but perhaps not without a bit of adjustment to the exploit.

H_TeXMeX_H 05-21-2013 03:13 AM

Here's what I get:

Code:

bash-4.2$ compile semtex.c
bash-4.2$ ./semtex
semtex: semtex.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
bash-4.2$ uname -r
3.4.46

I got this with kernels 3.4.45 as well.

volkerdi 05-21-2013 03:25 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 4955533)
Here's what I get:

Code:

bash-4.2$ compile semtex.c
bash-4.2$ ./semtex
semtex: semtex.c:51: sheep: Assertion `!close(fd)' failed.
Aborted
bash-4.2$ uname -r
3.4.46

I got this with kernels 3.4.45 as well.

3.4.45 (and, of course, 3.4.46) are patched against this bug. The patch went into the stable kernels sometime last month before they realized it was a security fix. I'm not sure which versions were the first to get the patch, but it's been in the stable kernels for at least a few revisions before the most recent ones.

H_TeXMeX_H 05-21-2013 04:36 AM

Well, I like to keep my kernel up to date.

Martinus2u 05-21-2013 02:10 PM

Quote:

Originally Posted by volkerdi (Post 4955544)
3.4.45 (and, of course, 3.4.46) are patched against this bug. The patch went into the stable kernels sometime last month before they realized it was a security fix. I'm not sure which versions were the first to get the patch, but it's been in the stable kernels for at least a few revisions before the most recent ones.

I hear what you're saying, but this is unusual as the standard procedure for stable kernel patches is "mainline first".

